AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

Claim 1 (Original): A method for providing security, comprising: 

separating a plurality of classes into at least a first trusted class and an untrusted class; 
associating privilege information with the first trusted class; and 

controlling access to the first trusted class by the untrusted class or a second trusted class 

based upon the privilege information associated with the first trusted class. 
Claim 2 (Original): The method of claim 1 further comprising: 

granting the untrusted class or the second trusted class a privilege related to the first 

trusted class based upon a permissive attribute of the privilege information; and 
wherein the step of controlling access depends upon the privilege. 
Claim 3 (Original): The method of claim 1 further comprising: 

refusing to grant the untrusted class or second trusted class a privilege related to the first 

trusted class based upon a permissive attribute of the privilege information; and 
wherein controlling access depends upon the privilege. 
Claim 4 (Original): The method of claim 2, wherein controlling access further comprises: 

determining if the privilege allows the untrusted class or second trusted class to interact 

with the first trusted class in a predefined manner; and 
permitting the access to the first trusted class in the predefined manner if the privilege 

permits the access. 

Claim 5 (Original): The method of claim 4 further comprising denying the access to the first 
trusted class in the predefined manner if the access to the first trusted class in the 
predefined manner is contrary to the privilege. 

Claim 6 (Original): The method of claim 5, wherein the privilege allows at least one of the 

group of creating a subclass of the first trusted class, creating a new instance of the first 
trusted class, allowing the untrusted class or second trusted class to invoke a method of 
the first trusted class, and allowing the untrusted class or second trusted class access to 
trusted data of the first trusted class. 

Claim 7 (Original): The method of claim 1, wherein the step of separating the classes further 
comprises associating a package with the first trusted class. 
Claim 8 (Original): The method of claim 7, wherein associating the package further comprises 

encapsulating the first trusted class within the package. 
Claim 9 (Original): The method of claim 7, wherein the package further comprises: 

a key; 

a package name incorporating the key; 
the privilege information; and 
the first trusted class. 

Claim 10 (Original): The method of claim 1, wherein the step of separating the classes further 
comprises allocating a separate memory space for the first trusted class and the untrusted 
class. 

Claim 11 (Original): The method of claim 1, wherein the privilege information further 
comprises a plurality of permissive attributes. 
Claim 12 (Original): The method of claim 11, wherein the permissive attributes comprises at 

least one of the group of a subclass attribute, a new instance attribute, a method 

invocation attribute, and a trusted data access attribute. 
Claim 13 (Original): A method of claim 11 further comprising setting the permissive attribute to 
indicate a privilege grant to the untrusted class or second trusted class. 
Claim 14 (Original): The method of claim 11, wherein a default for the permissive attribute 
indicates no privilege grant to the untrusted class or second trusted class. 
Claim 15 (Original): The method of claim 1, wherein controlling access to the first trusted class 

further comprises: 

detecting when a request for a trusted class operation is made by the untrusted class or 

second trusted class; 
determining that the trusted class operation is authorized based on the privilege 

information associated with the first trusted class; and 
allowing access to the first trusted class according to the trusted class operation. 
Claim 16 (Original): The method of claim 15, wherein the trusted class operation is at least one 
of a group of operations comprising a subclass operation, a new instance creation, a 
method call operation, and a trusted data access operation. 
Claim 17 (Original): A method of claim 15, wherein the step of determining further comprises 
determining that the trusted class operation is authorized based on the setting for at least 
one permissive attribute within the privilege information. 
Claim 18 (Original): A secure virtual machine instruction processor comprising: 
a first memory space for storing an untrusted class; 
a second memory space for storing a first trusted class; 

a privilege manager for managing privilege information associated with the first trusted 
class; and 

a controller for controlling access to the first trusted class during a trusted class operation, 
wherein the controller is operative to receive a request for the trusted class 
operation from the untrusted class or a second trusted class and grant access to the 
first trusted class based on at least one permissive attribute within the privilege 
information for the first trusted class. 
Claim 19 (Original): A processor of claim 18, wherein the request received by the controller is 

one of the group of a subclass attribute, a new instance attribute, a method invocation 

attribute, and a trusted data access attribute. 
Claim 20 (Original): A processor of claim 18, wherein the controller is further operative to 

permit access to the first trusted class in a predefined manner if the privilege permits the 

access. 

Claim 21 (Original): A processor of claim 18, wherein the controller is further operative to deny 
access to the first trusted class in a predefined manner if the privilege is contrary to the 
privilege. 

Claim 22 (Original): A processor of claim 18, wherein the first trusted class of the second 

memory space is associated with a package. 
Claim 23 (Original): A processor of claim 22, wherein associating the package further 

comprises encapsulating the first trusted class within the package. 
Claim 24 (Original): A processor of claim 22, wherein the package further comprises: 

a key; 

a package name incorporating the key; 
the privilege information; and 
the first trusted class. 

Claim 25 (Original): A computer-readable medium on which is stored instructions, which when 
executed perform steps in a method for providing a secure virtual machine, the steps 
comprising: 

separating a plurality of classes into at least a first trusted class and an untrusted class; 
associating privilege information with the first trusted class; and 

controlling access to the first trusted class by the untrusted class or a second trusted class 
based upon the privilege information associated with the first trusted class. 
Claim 26 (Original): The computer-readable medium of claim 25 further comprising: 

refusing to grant the untrusted class or second trusted class a privilege related to the 
first trusted class based upon a permissive attribute of the privilege information; and 
wherein the step of controlling access depends upon the privilege. 
Claim 27 (Original): The computer-readable medium of claim 25 further comprising: 

granting the untrusted class or second trusted class a privilege related to the first 
trusted class based upon a permissive attribute of the privilege information; and 
wherein the step of controlling access depends upon the privilege. 
Claim 28 (Original): The computer-readable medium of claim 25 further comprising denying 
the access to the first trusted class in the predefined manner if the access to the first 
trusted class in the predefined manner is contrary to the privilege information. 
Claim 29 (Original): The computer-readable medium of claim 28 wherein the privilege 

information allows at least one of the group of creating a subclass of the first trusted 
class, creating a new instance of the first trusted class, allowing the untrusted class or 
second trusted class to invoke a method of the first trusted class, and allowing the 
untrusted class or second trusted class access to trusted data of the first trusted class. 



